urelas | b9ef0b865f000a1b1991b916a0640451 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9ef0b865f000a1b1991b916a0640451
Size

556KB
MD5

b9ef0b865f000a1b1991b916a0640451
SHA1

41d8437387510f192760f1497f8550aadcf31947
SHA256

ddd5507c0b88bb308a14d311131dc1ba44091c6b52320b4cae785b7244383736
SHA512

18bd96bdb9fdfc11da1c1f44148c354f9f0f387361c5d17b2b949bf5d3c01b693b12914152f026fc427f010519bb5d89e4ef8b352ee9c97ab3712e130d229876
SSDEEP

12288:zccNvdRExZGe+Q1nSoS++43x+l7QLiaEyt:znPfQp9L3olqFt

Score

10^/10

upx urelas

Malware Config

Signatures

Urelas family
urelas

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9ef0b865f000a1b1991b916a0640451

Files

b9ef0b865f000a1b1991b916a0640451
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 229KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE